Description of problem: Selinux denied PolicyKit to perform the Admin authentication. Version-Release number of selected component (if applicable): PolicyKit-0.8-2.fc9 selinux-policy-3.3.1-74.fc9 How reproducible: Always Steps to Reproduce: 1. System->Pref->System->authorizations 2. Click show authorizations from all users 3. Type in the root password Actual results: Failed to authenticate as the admin Expected results: A successful authentication Additional info: Source: polkit-read-autSource Path: /usr/libexec/polkit-read-auth-helper Port: <Unknown>Host: xxxxxx.dhcpxx.xx.edu Source RPM Packages: PolicyKit-0.8-2.fc9 Target RPM Packages: Policy RPM: selinux-policy-3.3.1-74.fc9 Selinux Enabled: True Policy Type: targeted MLS Enabled: True Enforcing Mode: Enforcing Plugin Name: catchall Host Name: x.x.x.edu Platform: Linux x 2.6.25.9-76.fc9.i686 #1 SMP Fri Jun 27 16:14:35 EDT 2008 i686 i686 Alert Count: 880 First Seen: Thu 10 Jul 2008 11:25:40 PM EDT Last Seen: Thu 10 Jul 2008 11:30:46 PM EDT Local ID: 90d6db55-6bf6-429e-8060-60c8421582a3 Line Numbers: Raw Audit Messages : host=x type=AVC msg=audit(1215747046.897:1122): avc: denied { dac_override } for pid=3970 comm="polkit-read-aut" capability=1 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:system_r:polkit_auth_t:s0 tclass=capability host=x type=AVC msg=audit(1215747046.897:1122): avc: denied { dac_read_search } for pid=3970 comm="polkit-read-aut" capability=2 scontext=system_u:system_r:polkit_auth_t:s0 tcontext=system_u:system_r:polkit_auth_t:s0 tclass=capability host=x type=SYSCALL msg=audit(1215747046.897:1122): arch=40000003 syscall=195 success=no exit=-13 a0=bff47e7c a1=bff47cd8 a2=7284ff4 a3=bff47e7c items=0 ppid=3882 pid=3970 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=87 sgid=87 fsgid=87 tty=(none) ses=4294967295 comm="polkit-read-aut" exe="/usr/libexec/polkit-read-auth-helper" subj=system_u:system_r:polkit_auth_t:s0 key=(null)
Message from polkit-gnome-authorization with a new user: ** (polkit-gnome-authorization:6763): WARNING **: Error: code=3: uid 501 is not authorized to read authorizations for uid 501 (requires org.freedesktop.policykit.read) PAM version: pam-1.0.1-4.fc9.i386 I changed it to high because the entire policy thing is not working at all. It may be due to the misconf of my machine but I can't find any clue. cat /etc/pam.d/polkit #%PAM-1.0 auth include system-auth account include system-auth password include system-auth session include system-auth
Not a bug. owner of /usr/lib/PolicyKit was mistakenly set to root:root. Reinstalling PolicyKit with yum reinstall PolicyKit solves the problem.